Mobile station, position management apparatus, subscriber information management apparatus, mobile communication system, access control apparatus, home base station and communication method

ABSTRACT

A system includes a subscription storage that stores an APN for identifying a home base station and the service class available for a UE as subscription information, in correspondence with a mobile terminal identifier for identifying UE; a positional information update request receiver for receiving a positional information update request of UE 70 from an MME; and a positional information response transmitter that extracts the available service class included in the positional information update request, from the subscription storage and transmits a positional information update response included with the extracted service class to MME. With this configuration, it is possible to provide a mobile communication system in which, for a plurality of services of a home base station, the owner of a home base station can set the access right for each of the services, and communication data is transferred based on the set access right.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a Continuation of copending application Ser. No.13/380,345, filed on Dec. 22, 2011, which was filed as PCT InternationalApplication No. PCT/JP2010/060449 on Jun. 21, 2010, Patent ApplicationNo. 2009-148917, filed in Japan on Jun. 23, 2009, all of which arehereby expressly incorporated by reference into the present application.

TECHNICAL FIELD

The present invention relates to a mobile communication system and thelike.

BACKGROUND ART

Mobile communication system standardization group, 3GPP (The 3rdGeneration Partnership Project) is investigating EPS (Evolved PacketSystem) as a next generation mobile telecommunication system, andstudying HeNB (Home eNodeB) as a small base station installed in aresidence or the like as an EPS configurational apparatus (which will bereferred to hereinbelow as home base station).

The home base station forms a small-scale wireless cell called afemtocell, which accommodates UEs (User Equipment: mobile terminaldevices) using the same wireless access technique as that of a normalbase station and establishes connection to the core network of themobile communication system via a broadband line to be able to relaycommunication data of UEs accommodated therein.

Since the home base station uses the broadband line as backhaul and canbe set by a general user, it is possible to easily extend the coveragearea of the mobile communication system, especially the indoor coveragearea. Further, since the radius of the cell is small and the cell can beexclusively used by a few users, it is possible to expect improvement incommunication speed and frequency usage efficiency compared to anoutdoor macro cell base station which a large number of users have toshare.

Further, in non-patent document 2, local IP access function is definedas a functional requirement of a home base station. The local IP accessis to provide for UEs connectivity to the network such as a networkinside the home (which will be referred to hereinbelow as “homenetwork”) to which the home base station is connected directly. Forexample, this enables a UE to connect another information terminal(printer etc.) that is connected to the home network (this will becalled hereinbelow “home network connection service”), and also enablesthe UE to connect to the internet without passage of the core network ofthe mobile communication system (this will be called hereinbelow“internet connection service”).

Conventionally, if a UE performs direct communication with an appliancehaving no cellular communication interface such as a printer or thelike, the UE needs to have a local area-use communication interface suchas a wireless LAN etc. However, use of local IP access enables even a UEthat has a cellular communication interface only to performcommunication with other communication terminals within the home networkbecause the home base station functions as a gateway between differentwireless access schemes.

Since use of local IP access also makes it possible to connect to theinternet without passage of the core network of the mobile communicationsystem, it is possible to distribute traffic load (offload), from theperspective of the mobile network operator.

Further, differing from a microcell base station, the home base stationcan give access right only to a particular UE based on the form of theusage, and three access modes called closed, open and hybrid aredefined. Each home station is allotted with a group identifier calledCSGID (Closed Subscriber Group Identification). In the closed mode, thehome base station can designate UEs to be permitted to connect for everyCSGID. In the open mode, the home base station can give the right ofaccess to the home base station to all UEs. In the hybrid mode, which isa combination of the closed mode and open mode, communication of UEsthat are given with access right in closed mode can be handledpreferentially.

Further, concerning local IP access, it is defined as a requisite thatwhether or not the user is permitted to use this function should bedetermined based on the user's subscription information. It is alsoruled as a functional requisite that a UE can use local IP access andconnection to the core network simultaneously when the UE is connectingto the home base station.

Moreover, non-patent document 3 discloses architecture candidates forembodying a home base station.

PRIOR ART DOCUMENTS Non-Patent Documents

Non-patent Document 1: 3GPP TS23.401 General Packet Radio Service (GPRS)enhancements for Evolved Universal Terrestrial Radio Access Network(E-UTRAN) access

Non-patent Document 2: 3GPP TS 22.220

Non-patent Document 3: 3GPP TS 23.830

Non-patent Document 4: 3GPP Contribution S2-092308 (Local IP accessbaseline solution for EHNB)

SUMMARY OF THE INVENTION Problems to be Solved by the Invention

According to the information disclosed in non-patent document 3, accesscontrol at the home base station is determined depending on theaforementioned three access modes and the subscription information basedon which whether the local IP access function is permitted to use isdetermined. However, if the usage scenario of the home base station isconsidered, it is desirable that the owner of the home base station orthe mobile network operator can designate access right in more detail asdescribe below.

Suppose, for example, a case in which a home base station is set in ahome, there is a demand that the family may offer a friend, who visitsthe residence, only the internet connection service through local IPaccess but does not want to permit the friend to use home networkconnection service in view of privacy and security.

Suppose another case in which a home base station is installed in ashopping mall etc., there is a demand that an advertisement distributionserver for distributing advertisement information and the like isinstalled in the home network so as to allow visiting customers toaccess only the home network connection service through local IP accessand so as to provide a connection with an advertisement server, but notto allow them to access internet connection service.

However, because the access control based on the aforementioned accessmode and the subscription information themselves cannot offer the schemeto separately designate access right as to a plurality of services thatare available through local IP access, there is the problem that theaforementioned usage scenario cannot be realized.

Further, when a UE uses local IP access, not only the communication datathe UE transmits by way of the home base station but also thecommunication data transmitted from another information terminalconnected to the home network, to the UE should be limited as toconnection depending on the access right.

For example, communication from the information terminal to a UE that isnot permitted to access home network connection service should be shutoff, whereas if the UE in question is authorized to use internetconnection service by way of local IP access, the communication datacorresponding to that should be normally transferred to the UE. However,due to the above-described access right problem, it is impossible tofilter these packets as it stands.

Local IP access also has a problem that there is no contrivance fornotifying a UE of which services are permitted.

For example, in EPS, a PDN (Packet Data Network: packet communicationnetwork) exists for each network service such as an internet connectionservice or IMS service, and one APN (Access Point Name) that uniquelyidentifies each PDN is used to explicitly express connection to aparticular PDN. It is proposed in non-patent document 4 that a networkthat is connected using local IP access (the internet connected via ahome network and a broadband access network) is regarded as one PDN(Packet Data Network: packet communication network) and a dedicated APNis allotted for local IP access.

With this scheme, a UE can separately use the APN that expresses networkconnection via the core network and the APN that expresses networkconnection using local IP access, so that the UE can make use ofsimultaneous connection to local IP access and the core network.Further, by integrating local IP access as a single PDN, it is alsopossible to integrate the management information (the IP address,various kinds of setup information, etc. set for each PDN) of a UE.

However, an APN is a mere character string. Accordingly, even if a UEacquires an APN for local IP access, this means that identifyinginformation is merely provided to use local IP access, it is henceimpossible to determine specific service to be available (whetherinternet connection service is available or not, and the like).

Accordingly, the UE which wants to use internet connection service willchoose either establishing connection via the core network or trying toestablish connection via local IP access without any confirmation ofpermission to internet connection. If the former is selected, no trafficoffload the mobile network operator expects will be realized.

On the other hand, when the latter is selected, there is a possibilitythat the UE will continue to try to establish internet connection vialocal IP access despite that the UE is not allowed to use internetconnection service due to access right. Moreover, since the UE cannoteven tell the reason of the connection unavailability, whether it isattributed to access right or whether it is attributed to a problem thatis actually occurring at the other connection end, it is impossible touse such a fallback function as to automatically switch its operationfrom the latter to the former.

In addition, a home base station is one that is introduced as afunctional extension of the existing mobile communication system, so itis desirable that the change to the current specification is minimized.Accordingly, the specific means for solving the above problems also hasto be realized by providing the minimum functional extension to the EPSruled by the non-patent document 1.

The present invention has been devised in view of the abovecircumstances, it is therefore an object of the present invention toprovide a mobile communication system and the like in which, for aplurality of services provided through local IP access functionality ofa home base station, the owner of a home base station or the mobilenetwork operator can designate the access right for each service, andthe home base station to which communication data is transferred basedon the designated access right and a mobile terminal based on thedesignated access right can select a communication path.

Means for Solving the Problems

In view of the above problems, a mobile communication system of thepresent invention is a mobile communication system in which a homenetwork having a home base station to which a mobile terminal isconnected and a core network to which a subscriber informationmanagement apparatus, a position management apparatus and an accesscontrol apparatus are connected, are connected via a foreign network,characterized in that the subscriber information management apparatusincludes: a subscription storage that stores, as subscriptioninformation, an APN (Access Point Name) for identifying a home basestation and a service class available for the mobile terminal, incorrespondence with a mobile terminal identifier for identifying themobile terminal; a positional information update request receiver forreceiving a positional information update request of the mobile terminalfrom the position management apparatus; and, a positional informationresponse transmitter that extracts a service class corresponding to amobile terminal identifier included in the positional information updaterequest, from the subscription storage and transmits a positionalinformation update response included with the extracted service class tothe position management apparatus.

A subscriber information management apparatus of the present inventionis a subscriber information management apparatus included in a mobilecommunication system in which a home network having a home base stationto which a mobile terminal is connected and a core network to which thesubscriber information management apparatus, a position managementapparatus and an access control apparatus are connected, are connectedvia an external network, comprising: a subscription storage that stores,as subscription information, an APN (Access Point Name) for identifyinga home base station and a service class available for a mobile terminalvia a home base station, in correspondence with a mobile terminalidentifier for identifying the mobile terminal; a positional informationupdate request receiver for receiving a positional information updaterequest of the mobile terminal from a position management apparatus;and, a positional information response transmitter that extracts aservice class corresponding to a mobile terminal identifier included inthe positional information update request, from the subscription storageand transmits a positional information update response included with theextracted service class to the position management apparatus.

The subscriber information management apparatus of the present inventionis characterized in that the service class available for the mobileterminal, included in the subscription information shows whether or notthe mobile terminal is allowed to connect to an internet and whether ornot the mobile terminal is allowed to connect to the home network.

A position management apparatus of the present invention is a positionmanagement apparatus included in a mobile communication system in whicha home network having a home base station to which a mobile terminal isconnected and a core network to which a subscriber informationmanagement apparatus, the position management apparatus and an accesscontrol apparatus are connected, are connected via a foreign network,comprising: an attach request receiver for receiving an attach requestincluding a mobile terminal identifier from a mobile terminal; apositional information update request transmitter that extracts a mobileterminal identifier from the attach request and transmits a positionalinformation update request including the mobile terminal identifier, toa subscriber information management apparatus; a positional informationupdate response receiver for receiving a positional information updateresponse including a service class available for the mobile terminal,from the subscriber information management apparatus; and an attachrequest allow/disallow decider that extracts th service class from thepositional information update response and decides whether or not anattach request from the mobile terminal is acceptable, based on theavailable service.

A home base station of the present invention is a home base stationincluded in a mobile communication system in which a home network havinga home base station to which a mobile terminal is connected and a corenetwork to which a subscriber information management apparatus, aposition management apparatus and an access control apparatus areconnected, are connected via a foreign network, comprising: a bearersetup request receiver for receiving a bearer setup request including aclass of service, from a position management apparatus; a packetfiltering information storage for storing packet filtering informationin accordance with the service class in order to control communicationof a mobile terminal; and, a packet filtering controller that performspacket filtering control on the mobile terminal to be connected, basedon the service class included in the bearer setup request and the packetfiltering information.

A mobile terminal of the present invention is a mobile terminal includedin a mobile communication system in which a home network having a homebase station to which the mobile terminal is connected and a corenetwork to which a subscriber information management apparatus, aposition management apparatus and an access control apparatus areconnected, are connected via a foreign network, the home base stationincluding an access control apparatus used for local IP access,comprising: a service class receiver for receiving a service class, froma home base station; and, a selector that selects either use of anaccess control apparatus connected to a core network or use of an accesscontrol apparatus used for local IP access included in a home basestation, as an access control apparatus for assuring a communicationpath for the mobile terminal, based on the service class.

The mobile terminal of the present invention is characterized in thatthe service class receiver receives PCO (Protocol Configuration Option)transmitted from the home base station and extracts the service classincluded in the PCO.

Advantage of the Invention

According to the present invention, when a mobile terminal uses serviceusing local IP access functionality of a home base station, the owner ofthe home base station or the mobile network operator can perform accesscontrol separately for each service while minimizing the modification ofthe existing system.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram showing a mobile communication system inthe first embodiment.

FIG. 2 is a block diagram of a PGW in the first embodiment.

FIG. 3 is a chart showing binding information of a PGW in the firstembodiment.

FIG. 4 is a block diagram of a SGW in the first embodiment.

FIG. 5 is a block diagram of a HSS in the first embodiment.

FIG. 6 is a chart showing one example of a subscription DB of an HSS inthe first embodiment.

FIG. 7 is a block diagram of an MME in the first embodiment.

FIG. 8 is a chart showing one example of a subscription DB of an MME inthe first embodiment.

FIG. 9 is a chart showing one example of an APN-IP address translationDB of an MME in the first embodiment.

FIG. 10 is a block diagram of a GW in the first embodiment.

FIG. 11 is a block diagram showing a home base station in the firstembodiment.

FIG. 12 is a chart showing binding information of a home base station inthe first embodiment.

FIG. 13 is a chart showing one example of packet filtering informationof a home base station in the first embodiment.

FIG. 14 is a chart showing one example of an IP address pool of a homebase station in the first embodiment.

FIG. 15 is a block diagram of a UE in the first embodiment.

FIG. 16 is a chart showing one example of a UE's APN list in the firstembodiment.

FIG. 17 is a block diagram of an information terminal in the firstembodiment.

FIG. 18 is a diagram showing a sequence example of a registering processof a home base station in the first embodiment.

FIG. 19 is a chart showing one example of an APN-IP address translationDB of an MME in the first embodiment.

FIG. 20 is a diagram showing a sequence example of a UE's process ofattachment to a home base station in the first embodiment.

FIG. 21 is a diagram showing a sequence example of a UE's attachprocedure for local IP access in the first embodiment.

FIG. 22 is a diagram showing a flow chart of MME's access right decidingprocess in the first embodiment.

FIG. 23 is a diagram showing a sequence example of a PMIP tunnelestablishment process for local IP access in the first embodiment.

FIG. 24 is a diagram showing a flow chart of a packet filtering processat a home base station in the first embodiment.

FIG. 25 is a diagram showing a flow chart of a packet filtering processat a home base station in the first embodiment.

FIG. 26 is a diagram showing a flow chart of a UE's PDN connectionselecting process in the first embodiment.

FIG. 27 is a block diagram showing a home base station in the secondembodiment.

FIG. 28 is a chart showing one example of access right information at ahome base station in the second embodiment.

FIG. 29 is a diagram showing a sequence example of a PMIP tunnelestablishment process for local IP access in the second embodiment.

FIG. 30 is a diagram showing a variational sequence example of aregistering process of a home base station.

MODES FOR CARRYING OUT THE INVENTION

Next, the best mode for carrying out the present invention will bedescribed with reference to the drawings. In the embodied modes, theembodiment of a mobile communication system to which the presentinvention is applied will be detailed as an example with reference tothe drawings.

1. The First Embodiment

To begin with this, the first embodiment of a mobile communicationsystem to which the present invention is applied will be described withreference to the drawings.

[1.1 Outline of Mobile Communication System]

FIG. 1 is a diagram for illustrating the outline of a mobilecommunication system 1 in the present embodiment. As shown in thisfigure, mobile communication system 1 is composed of a core network anda home network, the core network and the home network being mutuallyconnected via a broadband access network. The broadband access networkis a wired access network for realizing broadband communication, and isconstructed by, for example ADSL, optical fibers and the like. However,not limited to this, the broadband access network may be a wirelessaccess network such as WiMAX or the like.

The core network includes a PGW 10 (Packet data GW), a SGW 20 (ServingGW), an HSS 30 (Home Subscriber Service), an MME 40 (Mobility ManagementEntity) and GW 50.

PGW 10 is an access control apparatus which is connected to foreign PDNs(Packet Data Network: packet communication network) such as the internetand the like, functions as a gateway for connecting the core networkwith those PDNs and transfers communication data of a UE 70 to SGW 20.

SGW 20 is a service control apparatus that is connected to GW 50 totransfer packets between PGW 10 and home base station 60. Here, itshould be noted that PGW 10 and SGW 20 may be physically configured asan identical node.

MME 40 is an entity for performing signaling and is a positionmanagement apparatus for leading position management of UE 70 and an EPSbearer establishment process. The EPS bearer is a logical path that isestablished between home base station 60 and SGW 20 for every UE totransfer user IP packets. Here, UE 70 is able to establish a pluralityof EPS bearers.

GW 50 functions as a gateway between home base station 60 installedinside the home network and the apparatuses inside the core network.

HSS 30 is a subscriber information management apparatus that managessubscription data (subscriber information) and performs userauthentication and the like to notify MME 40 of the subscription data ofUE 70. The subscription data includes subscriber's service subscriptioninformation, the list of CSGIDs that are allowed to access, and others.

The home network is composed including UE 70, information terminal 80and home base station 60. The home network is mutually connected toforeign PDNs via broadband access network.

Home base station 60 is an apparatus that forms a femtocell andaccommodates UE 70 as a 3GPP LTE (Long Term Evolution) base station.Further, this also functions as a home gateway in the home network andis connected to the broadband access network.

UE 70 is a mobile communication terminal equipped with a 3GPP LTEcommunication interface and is connected to home network 60.

Information terminal 80 is an information terminal connected to the homenetwork; examples including printers, network file servers, etc.

[1.2 Apparatus Configuration]

Next, the configuration of each apparatus will be briefly describedusing the drawings.

[1.2.1 PGW Configuration]

First, the configuration of PGW 10 in the present embodiment will bedescribed. As shown in FIG. 2, PGW 10 includes a controller 100 to whicha transmitting/receiving unit 110, a packet transmitting/receiving unit120, a storage 150 and a PMIP processor 160 are connected by a bus.

Controller 100 is a functional unit for controlling PGW 10. Thecontroller reads out and runs various programs stored in storage 150 tothereby realize various processes.

Transmitting/receiving unit 110 is a functional unit that iswire-connected to a router or a switch to perform transmission andreception of packets. Transmission and reception of packets is performedthrough, for example, Ethernet (registered trademark), which isgenerally used as a network connecting standard, or the like.

Storage 150 is a functional unit that stores programs, data and the likenecessary for various operations of PGW 10, and is configured of, forexample semiconductor memory and the like. Storage 150 also storesbinding information 152.

Binding information 152 is the information which PGW 10 uses whenreceiving communication data (packet) addressed to UE 70, to determinethe transmission path for forwarding the communication data to UE 70.FIG. 3 shows one example of binding information.

As shown in FIG. 3, the IP address prefix (which will be referred tohereinbelow as “HNP(Home Network Prefix)” of UE 70 and the transmissionpath to SGW 20 (e.g., “PMIP tunnel 1”) are recorded in a correlatedmanner. Here, it is assumed that each UE is allotted with a unique HNP,which is used to generate IPv6 address for UE.

Packet transmitting/receiving unit 120 is a functional unit fortransmitting and receiving specific data (packets). The packettransmitting/receiving unit decomposes the data received from thesuperior layer into packets so as to be transmitted. The packettransceiver also realizes the function of transferring the receivedpackets to the superior layer.

PMIP processor 160 is a functional unit for establishing a transmissionpath (called PMIP tunnel) used between PGW 10 and SGW 20.

[1.2.2 SGW Configuration]

Next, the configuration of SGW 20 in the present embodiment will bedescribed. As shown in FIG. 4, SGW 20 includes a controller 200 to whicha transmitting/receiving unit 210, a storage 250, a bearer establishmentprocessor 270, a packet transmitting/receiving unit 220 and a PMIPprocessor 260 are connected by a bus.

Controller 200 is a functional unit for controlling SGW 20. Thecontroller 200 reads out and runs various programs stored in storage 250to thereby realize various processes.

Transmitting/receiving unit 210 is a functional unit that iswire-connected to a router or a switch to perform transmission andreception of packets. Transmission and reception of packets is performedthrough, for example, Ethernet (registered trademark), which isgenerally used as a network connecting standard, or the like.

Storage 250 is a functional unit that stores programs, data and the likenecessary for various operations of SGW 20.

Bearer establishment processor 270 is a functional unit that implementsa process for establishing an EPS bearer.

Packet transmitting/receiving unit 220 is a functional unit fortransmitting and receiving specific data (packets). The packettransmitting/receiving unit decomposes the data received from thesuperior layer into packets so as to be transmitted. The packettransceiver also realizes the function of transferring the receivedpackets to the superior layer.

PMIP processor 260 is a functional unit for establishing a PMIP tunnelconnected in between PMIP processor 260 and PGW10.

[1.2.3 HSS Configuration]

Next, the configuration of HSS 30 in the present embodiment will bedescribed. As shown in FIG. 5, HSS 30 includes a controller 300 to whicha transmitting/receiving unit 310 and a storage 350 are connected by abus.

Controller 300 is a functional unit for controlling HSS 30. Thecontroller 300 reads out and runs various programs stored in storage 350to thereby realize various processes.

Transmitting/receiving unit 310 is a functional unit that iswire-connected to a router or a switch to perform transmission andreception of packets. Transmission and reception of packets is performedthrough, for example, Ethernet (registered trademark), which isgenerally used as a network connecting standard, or the like.

Storage 350 is a functional unit that stores programs, data and the likenecessary for various operations of HSS 30. The storage 350 furtherstores a subscription DB (database) 352 that holds subscriberinformation.

Here, FIG. 6 shows one example of subscription DB 352. Subscription DB352 records, for UEs managed by mobile communication system 1, the UE'sidentifier (e.g., “UE1” generated from IMSI (International MobileSubscriber Identify: subscriber identification information) and thelike), the CSGID (e.g., “CSGID2”) allotted to home base station 60 whichthe UE is allowed to access, the APN (e.g., “ALICE'S_HOME”) forconnection to the local IP access provided by the home base station 60,and either “allowed” or “disallowed”, i.e., the status of theavailability of service (e.g., “class 1: internet connection service”and “class 2: home network connection service”) through the local IPaccess.

Further, it is assumed that the owner of home base station 60 or theoperator of mobile communication system 1 can access subscription DB 352and can designate and modify to which UE what kind of access rightinformation is provided for every APN that is allotted to owned homebase station 60.

Controller 300 offers information from subscription DB 352 stored instorage 350, in response to a request from MME 40.

[1.2.4 MME Configuration]

Next, the configuration of MME 40 in the present embodiment will bedescribed. As shown in FIG. 7, MME 40 is connected with atransmitting/receiving unit 410 and a storage 450 by a bus.

Controller 400 is a functional unit for controlling MME 40. Thecontroller 400 reads out and runs various programs stored in storage 450to thereby realize various processes.

Transmitting/receiving unit 410 is a functional unit that iswire-connected to a router or a switch to perform transmission andreception of packets. Transmission and reception of packets is performedthrough, for example, Ethernet (registered trademark), which isgenerally used as a network connecting standard, or the like.

Storage 450 is a functional unit that stores programs, data and the likenecessary for various operations of MME 40. Storage 450 is furtherrecorded with a subscription DB 452 for temporarily storing subscriberinformation and an APN-IP address translation DB 454.

FIG. 8 is a chart showing one example of subscription DB 452. Thestructure of the database is the same as that of subscription DB 352held by HSS 30 as shown in FIG. 6. However, information on UEs to bemanaged by the MME 40 only is temporarily stored.

FIG. 9 is a chart showing one example of APN-IP address translation DB454. As shown in FIG. 9, the database is one that holds a translationtable relating an APN (e.g., “WEB”) to the IP addresses of PGW 10 andSGW 20 (e.g., “2001:200:1::1” and “2001:200:2::1). When PGW 10 and SGW20 are given as an integrated apparatus as home base station 60, thesame IP address is registered.

[1.2.5 GW Configuration]

Next, the configuration of GW 50 in the present embodiment will bedescribed. As shown in FIG. 10, GW 50 includes a controller 500 to whicha transmitting/receiving unit 510, a packet transmitting/receiving unit520 and a storage 550 are connected by a bus.

Herein, communication between MME 40 and home base station 60 andbetween SGW 20 and home base station 60 is performed by way of GW 50.

Controller 500 is a functional unit for controlling GW 50. Thecontroller 500 reads out and runs various programs stored in storage 550to thereby realize various processes.

Transmitting/receiving unit 510 is a functional unit that iswire-connected to a router or a switch to perform transmission andreception of packets. Transmission and reception of packets is performedthrough, for example, Ethernet (registered trademark), which isgenerally used as a network connecting standard, or the like.

Packet transmitting/receiving unit 520 is a functional unit fortransmitting and receiving specific data (packets). The packettransmitting/receiving unit decomposes the data received from thesuperior layer into packets so as to be transmitted. The packettransmitting/receiving unit also realizes the function of transferringthe received packets to the superior layer. Storage 550 is a functionalunit for storing programs, data and the like necessary for variousoperations of the GW.

[1.2.6 Home Base Station Configuration]

Next, the configuration of home base station 60 in the presentembodiment will be described. FIG. 11 is a diagram for illustrating theconfiguration of home base station 60, and includes a controller 600, towhich an L-PGW unit 610, an L-SGW unit 620, an LTE base station unit630, a storage 650, a home network interface unit 660 and an interfaceunit 670 used for broadband access network are connected by a bus.

Controller 600 is a functional unit for controlling base station 60. Thecontroller 600 reads out and runs various programs stored in storage 650to thereby realize various processes.

L-PGW unit 610 has the same configuration as that of the above-describedPGW 10, and establishes a PMIP tunnel in between L-PGW unit 610 andL-SGW unit 620. Further, the unit holds binding information 612 as shownin FIG. 12. Here, binding information 612 records the IP address prefixof UE 70 and the transmission path to L-SGW unit 620 in a correlatedmanner.

L-SGW unit 620 has the same configuration as that of the above-describedSGW 20, and establishes a PMIP tunnel in between L-SGW unit 620 andL-PGW unit 610.

LTE base station unit 630 is a functional unit that functions as an LTEbase station to accommodate UE 70. LTE base station unit 630 has anexternal antenna 635 connected thereto.

Storage 650 is a functional unit that stores programs, data and the likenecessary for various operations of home base station 60. The storage650 further stores packet filtering information 652 and an IP addresspool 654.

FIG. 13 is a table showing one example of packet filtering information652. This information stores the rule that determines whether packettransfer by home base station 60 is allowed or not for every offeredservice class (e.g., “class 1: internet connection” and the like) whenhome base station 60 offers local IP access functionality.

It is assumed, for example that information terminal 80 connected to thehome network is allotted with an IPv6 address beginning with“2001:100:200:3000”.

For a case of class 1, transfer of all packets is allowed (“allow all”),then if the destination or sender IPv6 address of a packet begins with“2001:100:200:3000”, transfer of the packet is disallowed (“disallowIPv6==2001:100:200: 3000::/64”). That is, the packet filtering assignedto this class 1 is applied, so that communication from UE 70 to the homenetwork and communication from the home network to UE 70 are shut out byhome base station 60.

On the other hand, for a case of class 2, transfer of all packets isshut out (“disallow all”), then if the destination or sender IPv6address of a packet begins with “2001:100:200:3000”, transfer of thepacket is allowed (“allow IPv6==2001:100:200:3000::/64”). As a result,only the communication between UE 70 and information terminal 80 insidethe home network is allowed.

FIG. 14 is a table showing one example of IP address pool 654, and homebase station 60 manages an IP address block (e.g., “2001:100:200::/48”or the like) assigned to home base station 60 by the operator offeringbroadband access service.

Then, it is assumed that home base station 60 gives assignment to UE 70that uses local IP access from this IP address block, and that, forexample IPv6 address prefix “2001:100:200: 4000:/64” is allotted to UE70. Here, it is assumed that routing information has been set up on theinternet so that communication addressed to IP addresses belonging tothis IP address block is routed to home base station 60.

Home network interface unit 660 is a functional unit that performstransmission and reception of packets with other apparatus inside thehome network. Transmission and reception is performed through, forexample, Ethernet (registered trademark), which is generally used as anetwork connecting standard, or the like.

Interface unit 670 used for broadband access network is a functionalunit that performs transmission and reception of packets with thebroadband access network. Transmission and reception is performedthrough, for example ADSL, which is generally used as a networkconnecting standard, or the like.

[1.2.7 UE Configuration]

Next, the configuration of UE 70 as mobile station in the presentembodiment will be described. As a specific example of UE 70, mobileterminals that connect to the mobile communication system via radioaccess interface, PDAs and other terminals are presumed. As shown inFIG. 15, controller 700 is connected with an LTE interface unit 710, apacket transmitting/receiving unit 720, a storage 750 and a bearerestablishment processor 770 by a bus.

Controller 700 is a functional unit for controlling UE 70. Thecontroller reads out and runs various programs stored in storage 750 tothereby realize various processes.

LTE interface unit 710 is a functional unit with which UE 70 connects tohome base station 60. LTE interface unit 710 is connected with anexternal antenna 715.

Packet transmitting/receiving unit 720 is a functional unit fortransmitting and receiving specific data (packets). The packettransmitting/receiving unit decomposes the data received from thesuperior layer into packets so as to be transmitted. The packettransmitting/receiving unit also realizes the function of transferringthe received packets to the superior layer.

Storage 750 is a functional unit that stores programs, data and the likenecessary for various operations of UE 70. Storage 750 also stores anAPN list 752.

APN list 752 stores APN as candidates for UE 70 when UE 70 connects tothe internet. FIG. 16 is a data configurational example of APN list 752.In APN list 752, APN as candidates that UE 70 may use are managed on alist as shown in FIG. 16.

For an APN used for local IP access, the APN is managed together withthe CSGID of home base station 60 to which the APN is allotted. The APNallotted to home base station 60 is acquired beforehand from the ownerof home base station 60 or the mobile network operator. As the methodsfor acquisition, there are some methods such as, for example, an APN,which is given by offline notice, may be registered beforehand in UE 70;or an APN that is notified by SMS (Short Message Service) or the likewhen home base station 60 is accessed, may be automatically registered.However, not limited to these, other methods may be used.

Bearer establishment processor 770 is a functional unit that executes aprocess for establishing an EPS bearer as a communication path to L-SGWunit 620 inside home base station 60 or to SGW 20 inside the corenetwork.

[1.2.8 Information Terminal Configuration]

Next, the configuration of information terminal 80 in the presentembodiment will be described. As shown in FIG. 17, information terminal80 includes a controller 800 to which a home network interface unit 810and a storage 850 are connected by a bus.

Controller 800 is a functional unit for controlling information terminal80. The controller 800 reads out and runs various programs stored instorage 850 to thereby realize various processes.

Home network interface unit 810 is a functional unit for transmittingand receiving packets with other apparatus inside the home network.Transmission and reception of packets is performed through, for example,Ethernet (registered trademark), which is generally used as a networkconnecting standard, or the like.

Storage 850 is a functional unit that stores programs, data and the likenecessary for various operations of information terminal 80.

[1.3 Description of Processing]

Next, the procedures for UE 70 to use the core network and local IPaccess via home base station 60 in mobile communication system 1 shownin FIG. 1 will be described with reference to the drawings.

[1.3.1 Home Base Station Registering Process]

To begin with, the registering procedure of home base station 60 tomobile communication system 1 will be described using FIG. 18.

Home base station 60 transmits an S1 setup request to MME 40 (S100).Here, the S1 setup request is implemented to establish a communicationpath between LTE base station unit 630 of home base station 60 and MME40 so that home base station 60 can operate as a base station of mobilecommunication system 1, and includes a CSGID assigned to home basestation 60. Then MME 40 transmits an S1 setup response (S102).

Next, differing from the prior art, home base station 60 transmits alocal IP access registering request to MME 40 to request MME 40 toregister itself as a home base station offering local IP accessfunctionality (S104). The local IP access registering request includesthe CSGID assigned to home base station 60, an APN used for local IPaccess (“BOB'S_HOME”), IP address of L-PGW unit 610 and IP address ofL-SGW unit 620.

Based on the acquired APN, IP address of L-PGW unit 610 and IP addressof L-SGW unit 620, MME 40 updates APN-IP address translation DB 454(S106). Specifically, the database is updated from the state in FIG. 9to the state in FIG. 19. Then, the APN used for local IP access and theIP addresses of L-PGW unit 610 and L-SGW unit 620, to which the APN isassigned, are stored in a related manner. Then, MME 40 transmits a localIP access registration permission to home base station 60 (S108). Inthis way, the registering process of home base station 60 is completed.

[1.3.2 Process of UE Attachment to Home Base Station]

Next, the procedure in which UE 70 connects to the core network via homebase station 60 and is connected to a foreign PDN identified by the APNof “WEB”, will be described using FIG. 20.

First, in order to connect to the core network via home base station 60,UE 70 transmits an attach request to home base station 60, following theconfiguration technique defined in non-patent document 1 (S200). Theattach request includes a UE identifier (UE 1), an APN (“WEB”) toidentify the destination PDN, UE capability that represents UE'sretention function, and the like.

Home base station 60 transmits a CSGID of itself (named “CSGID 1”)together with the received attach request, to MME 40 (S202).

MME 40, following the prior art method, extracts the UE identifierincluded in the attach request to perform user authentication andfurther transmits a positional information update request to HSS 30 toacquire the subscription data of UE 70 (S204).

HSS 30 extracts only the information whose UE identifier corresponds toUE1, from the subscription DB shown in FIG. 6, and transmits theextracted information included in a positional information updateresponse, to MME 40 (S208). Here, differing from the prior art, not onlythe list of CSGIDs to which access right is being given, but alsoavailable service for each APN used for local IP access are transmitted.

Then, MME 40 stores the extracted information into subscription DB 452of UE 70, as shown in FIG. 8 (S210).

Further, MME 40 compares CSGID1 of home base station 60 to which UE 70is connecting, with the acquired subscription data (S212). Thereby,whether or not UE 70 has access right to connect to home base station 60is checked (S212). If the UE has no access right, MME 40 transmits arefusal of attachment, to UE 70 by way of home base station 60, and theattach process is ended as the attach process has been failed.

When the access right has been authorized, MME 40 performs a PDNconnection establishment process for UE 70 that has been allowed toconnect, following the conventional method (S214). A PDN connection is alogical path that is established between a UE and a PDN, is constructedof an EPS bearer established between home base station 60 and SGW 20 anda PMIP tunnel established between SGW 20 and PGW 10. The PDN connectionestablishment process is carried out between MME 40, SGW 20 and PGW 10.Though the present embodiment was described taking a case where a PMIPtunnel is established, a method of establishing a GTP (GPRS TunnelingProtocol) tunnel between SGW 20 and PGW 10 may be used instead.

When the PDN connection establishment process is complete, the IPaddress of UE 70 is related with the transmission path in the bindinginformation inside PGW 10, as shown in FIG. 3, so that UE 70 becomesable to transmit and receive communication data by way of the corenetwork.

Specifically, the communication data addressed to UE 70, received by PGW10 is forwarded to home base station 60 by way of PMIP tunnel 1 and EPSbearer 1 and is transmitted to UE 70. On the other hand, thecommunication data transmitted from UE 70 and addressed to the PDN isforwarded to the PDN by way of EPS bearer 1 and PMIP tunnel 1.

In the above way, the attach process of UE 70 to home base station 60 iscomplete. Here, since at this point UE 70 has established only the PDNconnection by way of the core network, the communication data toward theinternet is all transmitted by way of the core network.

[1.3.3 Attach Process for Local IP Access]

Next, UE 70 begins connection by local IP access by way of home basestation 60. Now, the attach process for local IP access will bedescribed with reference to FIG. 21.

Here, this attach process may be manually actuated by the user when, forexample, the completion of attachment to the core network by way of homebase station 60 is displayed on the display or the like of UE 70.Alternatively, it is also possible to set UE 70 beforehand such that theattach process for local IP access is automatically started when the UEhas attached to a particular home base station. It is also possible touse other methods, not limited to the above.

First, in order to perform local IP access by way of home base station60, UE 70 transmits a PDN connectivity request to MME 40 (S300). Here,in order to clarify that connection is through local IP access, the APN(BOB'S_HOME) assigned to home base station 60 is designated as thedestination APN.

As receiving the PDN connectivity request, MME 40 checks whether theright of access to the local IP access is given or not by referring tothe stored subscription data corresponding to UE 70 (S302). Now, theprocess of determining the access right will be described with referenceto the flow chart in FIG. 22.

First, the CSGID of the destination home base station 60 to which UE 70is being connected is extracted (Step S1000). Then, it is confirmedwhether or not the extracted CSGID1 of home base station 60 is includedin the list of CSGIDs which are allowed to access, in the subscriptiondata corresponding to UE 70, by referring to subscription DB 452 (StepS1002). Herein, if not included (Step S1002; No), a refusal of PDNconnectivity is transmitted to UE 70 to complete the attach process(Step S1014).

If the extracted one is included in the list of CSGIDs which are allowedto access, in the subscription data corresponding to UE 70 (Step S1002;Yes), the APN assigned to the CSGID is extracted from subscription DB452 (Step S1004). At this point, it is checked whether the extracted APNis identical with the APN that is contained in the PDN connectivityrequest (Step S1006). If the APN is not identical (Step S1006; No), thismeans that a connection request is made to an APN that is assigned to ahome base station 60 different from the home base station 60 to which UE70 is currently connecting, hence a PDN connectivity refusal is returned(Step S1014) and the attach process is ended.

On the other hand, when the APN is identical (Step S1006; Yes), servicesavailable for the APN are extracted (Step S1008). At this point, ifaccess right is given to any one of them (Step S1010; Yes), a PMIPtunnel establishment process used for local IP access describedhereinbelow is started (Step S1012). If no access right for any serviceclass is given (Step S1010; No), MME 40 transmits a PDN connectivityrefusal to UE 70 (Step S1014), and the attachment process is immediatelyended without starting the PMIP tunnel establishment process used forthe local IP access with home base station 60 described as follows. Inthis case, UE 70 cannot use local IP access.

[1.3.3.1 PMIP Tunnel Establishment Process used for Local IP Access]

FIG. 23 is a diagram showing in detail the PMIP tunnel establishmentprocess used for the local IP access.

First, MME 40 transmits a bearer setup request to L-SGW unit 620 (S400).The bearer setup request includes a UE identifier (UE1) and an APN.However, differing from the prior art, the APN is added with informationthat represents the service class that is allowed for use. For example,the following three kinds of character strings are defined for serviceclasses.

When internet connection is available: “;INTERNET”; when home networkconnection is available: “;HOMENETWORK”; and when internet connectionand home network connection are available: “;INTERNET&HOMENETWORK”.

Then, MME 40 refers the subscription data of retained UE 70 tosubscription DB 452, and if, for example, home network connection isallowed, the character string “;HOMENETWORK” is added after the originalAPN “BOB'S_HOME”, so as to use “BOB'S_HOME;HOMENETWORK” as a new APN.

L-SGW unit 620 receives the bearer setup request, and transmits abinding update request to L-PGW unit 610 (S402) in order to establish aPMIP tunnel between L-SGW unit 620 and L-PGW unit 610. The bindingupdate request includes a UE identifier (UE1) and the updatedAPN(“BOB'S_HOME; HOMENETWORK”).

L-PGW unit 610 receives the binding update request, and allots HNP2 toUE 70 first, to generate binding information shown in FIG. 12 (S404).Here, it is assumed that the HNP to be allotted is selected from IPaddress pool held by home base station 60. In this case, it is assumedthat “2001:100:200;4000::/64” is allotted as HNP2.

Then, differing from the prior art, in order to notify UE 70 of theservice class of services that are allowed for use by way of local IPaccess, the information on the service class to be stored in PCO(Protocol Configuration Option) is determined (S406). Here, PCO is a3GPP-defined information field capable of storing setup information thatis exchanged between L-PGW unit 610 and UE 70 only, and is carried to UE70 by way of L-SGW unit 620, MME 40 and LTE base station unit 630.

As to information to be included in PCO, specifically, any of thefollowing information should be included based on the access rightinformation added to the APN included in the binding update request.

Class 1: capable of using internet connection;

Class 2: capable of using home network connection; and

Class 3: capable of using internet connection and home networkconnection.

If, for example, the APN includes predetermined information that can betell that connection to a home network is permitted (e.g., a characterstring “;HOMENETWORK”), PCO is stored with “class 2”.

Further, L-PGW unit 610 performs routing (S408) by establishing a PMIPtunnel 2 between L-PGW unit 610 and L-SGW unit 620 so that whenreceiving communication data addressed to HNP2 assigned to UE 70, theL-PGW unit forwards the communication data to L-SGW unit 620 via PMIPtunnel 2. In addition, L-PGW unit 610, referring to packet filteringinformation 652 in FIG. 13 based on the access right information,performs packet filter setting up to determine whether eachcommunication data packet should be forwarded or not based on the packetfiltering process described next (Step S410).

FIGS. 24 and 25 show a flow chart of the packet filtering process, whichwill be described hereinbelow.

First, L-PGW unit 610 receives communication data (Step S2000) anddetermines whether or not the communication data has been received byway of a PMIP tunnel (Step S2002).

Herein, if the communication data is one that was received by way of aPMIP tunnel (Step S2002; Yes), the binding information of the UE issearched based on the sender address (Step S2004). Specifically, theL-PGW unit extracts the sender address and searches the bindinginformation corresponding to the sender address.

Subsequently, whether or not there exists a corresponding UE isdetermined (Step S2006). Specifically, this is determined by checkingwhether the prefix portion (for the upper 64 bits) of the sender addresscorresponds to the HNP of a UE included in binding information 612.

When there is a correspondence (Step S2006; Yes), then the destinationaddress is extracted and referred to the packet filtering information,based on the access right information of UE 70 (Step S2008). Then, it isdetermined whether or not the destination address is one that is allowed(Step S2010).

When no corresponding UE is found at Step S2006 (Step S2006; No) or whenate Step S2010 the destination address is an unallowed address (StepS2010; No), the received communication data is discarded (Step S2018)and this process is ended.

On the other hand, when the destination address is an allowed address atStep S2010 (Step S2010; Yes), it is further determined whether or notthe destination address is the address to a home network (Step S2012).When the destination address is an address to a home address (StepS2012; Yes), home network interface unit 660 is used to transmitcommunication data (Step S2014); otherwise (Step S2012; No), interfaceunit 670 used for broadband access network is used to transmitcommunication data (Step S2016). Then, after transmission ofcommunication data, this process is ended.

When reception is not through a PMIP tunnel at Step S2002 (Step S2002;No), the binding information of the UE is searched based on thedestination address (Step S2050 in FIG. 25). Then, it is determinedwhether or not the prefix portion (for the upper 64 bits) of thedestination address corresponds to the HNP of a UE included in bindinginformation 612 (Step S2052).

When there is a correspondence (Step S2052; Yes), then the senderaddress is extracted so as to refer to the packet filtering information,based on the access right information of the UE (Step S2054). Then, itis determined whether or not the sender address is one that is allowed(Step S2056).

When no correspondence is found at Step S2052 (Step S2052; No) or whenthe address is unallowed at Step S2056 (Step S2056; No), the receivedcommunication data is discarded (Step S2060) and the process is ended.

On the other hand, when the sender address is an allowed address at StepS2056 (Step S2056; Yes), the PMIP tunnel assigned to UE 70 is used toforward the communication data to L-SGW unit 620 (Step S2058), and thisprocess is ended.

After completion of packet filter setting up, L-PGW unit 610 returns abinding update response to L-SGW unit 620 (S412). The message includesthe assigned HNP and PCO stored with the class of access rightinformation.

Thereafter, L-SGW unit 620 having received the binding update responsetransmits a bearer setup response to MME 40 (S414). Here, the bearersetup response includes the PCO set with the aforementioned serviceclass and HNP.

By the procedures described above, the PMIP tunnel establishment processused for the local IP access is completed, so that establishment of PMIPtunnel 2 is completed and only the communication data allowed based onthe access right information can be forwarded.

[1.3.3.2 EPS Bearer Establishment Process]

Returning next to FIG. 21, the following process will be described.

First, MME 40 having received the bearer setup response, transmits a PDNconnectivity permission to the UE by way of LTE base station unit 630(S304). The PDN connectivity permission includes an APN and PCO.

UE 70 receives the PDN connectivity permission. Then, from PCO, the UEacquires the information on the access right that is set at destinationhome base station 60. Further, the UE transmits a RRC connectionre-setting up complete message to LTE base station unit 630 (S306).

LTE base station unit 630 transmits a bearer setup response to MME 40(S308). MME 40 receives the bearer setup response and transmits a bearerupdate request including the IP address of home base station 60 to L-SGWunit 620 (S310).

L-SGW unit 620 returns a bearer update response to MME 40 (S312), andacquires the IP address of home base station 60 to establish EPS bearer2.

Then, L-SGW unit 620 transmits a router advertisement stored with theHNP acquired in the PMIP tunnel establishment process used for local IPaccess, to UE 70 (Step S314).

UE 70 takes out the HNP from the received router advertisement andgenerates an IPv6 address of itself using the HNP to form a statecapable of transmitting and receiving communication data for local IPaccess.

As described heretofore, UE 70 establishes both the PDN connection viathe core network (S316) and the PDN connection via local IP access(S318), simultaneously.

[1.3.4 Transmission and Reception Process of UE's Communication Data]

When connecting to the internet by means of an application such as a WEBbrowser etc., UE 70 selects one PDN connection from the two establishedPDN connections, in accordance with the procedure shown in FIG. 26 toperform transmission and reception of communication data.

First, the access right information on local IP access, included in thePCO acquired by PDN connectivity permission is extracted (Step S3000).

Then, based on the access right information extracted at Step S3000, ifthe class is 1 or 3, or when internet connection service is available byway of local IP access (Step S3002; Yes), the UE selects the PDNconnection via local IP access (composed of EPS bearer 2 and PMIP tunnel2) to transmit data (Step S3004).

When the class is 2, or when internet connection service is notavailable via local IP access (including class 2) (Step S3002; No), theUE selects the PDN connection via the core network (formed of EPS bearer1 and PMIP tunnel 2) to transmit data (Step S3006).

Then, using the selected PDN connection, communication data from UE 70is forwarded and sent out to the foreign PDN. Communication data fromthe foreign PDN to UE 70 is also brought to UE 70 via the same route.

On the other hand, when UE 70, defying the access right information,transmits communication data to the internet using the PDN connectionvia local IP access despite that the internet connection service vialocal IP access is not available, the communication data is discarded bythe above-described packet filtering process at L-PGW unit 610.

When transmitting communication data to the home network, UE 70 uses thePDN connection via local IP access while L-PGW unit 610 performs apacket filtering process to determine whether the transfer is allowed ornot.

In this way, in the present embodiment, for the service using the localIP access functionality of the home base station, the owner of the homebase station and the mobile network operator can set up the access rightof each UE for each service, hence it is possible to realize varioususage scenarios of the home base station.

Further, the home base station can perform packet filtering based on theservice class for which access right is given to a UE. Even if a UE thatis not allowed to use internet connection service via local IP access,has transmitted communication data directed to the internet,intentionally or by mistake, the home base station can detect anddiscard the communication data. Further, the communication data directedin reverse is also packet filtered in accordance with the access right.

Further, since the home base station notifies a UE of whether or not theUE can use internet connection service using local IP access, the UE cancorrectly determine whether to try to connect to the internet via thecore network or whether to try to connect to the internet via local IPaccess.

Moreover, this access right information on local IP access to benotified to a UE is stuffed in PCO and given to the UE by the L-PGW unitof the home base station. With this scheme, the notification of accessright information to a UE will not need any extension of other apparatusthan the L-PGW unit and UE.

Further, the MME adds a special character string to the APN to therebynotify the home base station of the access right as to local IP access,so that access control of a UE is made in accordance with that notifiedright. With this arrangement, the home base station can give notice ofaccess right information without the need of either retaining accessright information for each UE or adding new information fact to a bearersetup request defined in non-patent document 1.

Further, accessible APNs used for local IP access and access rightinformation for every UE are integrally managed in the subscriberinformation management apparatus, so that the home base station can usethe information to control access. With this arrangement, it becomespossible for the owner of the home base station and the mobile networkoperator to easily set up and manage access right information.

Although the present embodiment was described taking an example ofestablishing a PMIP tunnel by using a binding update request and abinding update response between L-PGW unit 610 and L-SGW unit 620, theinvention should not be limited to this. It is possible to use a methodof establishing a transmission path that is equivalent to a PMIP tunnelby establishing a GTP tunnel using a bearer establishment request and abearer establishment response, instead.

Further, though the present embodiment was described taking an exampleof a case where L-PGW unit 610 and L-SGW unit 620 inside home basestation 60 are configured as separate functional units, but theinvention should not be limited to this. L-PGW unit 610 and L-SGW unit620 may be configured as an integrated functional unit. In this case,control messages (binding update request and binding update response)transmitted and received between L-PGW unit 610 and L-SGW unit 620 areprocessed within the closed functional unit.

Moreover, though the present embodiment was described taking an exampleof a case where home base station 60 also includes a constituent as agateway to a broadband access network, the present invention should notbe limited to this. It is also possible to configure the interface unit670 used for the broadband access network of home base station 60 andhome network interface unit 660 alone as a separate apparatus (whichwill be referred to hereinbelow as home gateway) while home base station60 may include controller 600 to which L-PGW unit 610, L-SGW unit 620,LTE base station unit 630, storage 650 and home network interface unit660 are connected by a bus. In this case, home base station 60, the homegateway and information terminal 80 are mutually connected via a homenetwork interface.

Further, though the present invention was described taking an example ofa case where a UE performs communication using IPv6, a similar procedurecan be carried out in a case using IPv4 addresses. However, IPv4 globaladdresses are running out, so that it is expected to be difficult for anoperator of offering broadband access service to assign a large numberof IPv4 address blocks to individual home base stations. In this case,when internet connection through local IP access is used, it is presumedthat address translation based on NAT (Network Address Translation) isused. First, private address space such as 192.168.0.0/16 may be managedin the IP address pool inside the home base station so as to allot IPv4addresses to the UEs connecting to the home base station with Pv4addresses having a different subnet in the order of “192.168.1.1/netmask 255. 255. 255.0”, “192.168.2.1/net mask 255. 255. 255.0”,“192.168.n.1/net mask 255. 255. 255.0” (n is 3 to 255), for example.

Further, though the present invention was described taking an example ofa case where MME40 holds APN-IP address translation DB 454, the databasepart may be given as a separate apparatus while translation of an APN toan IP address may be performed by MME 40 making an inquiry to thedatabase apparatus. Moreover, when a plurality of MMEs 40 are installedin mobile communication system 1 for redundant design, it is possible toprovide such a configuration that each MME 40 makes an inquire to thedatabase apparatus.

Further, though the present invention was described taking an example ofa case where home base station 60 is connected to SGW 20 and MME 40 byway of GW 50, the invention should not be limited to this; home basestation 60 may be directly connected to SGW 20 and MME 40.

2. The Second Embodiment

Next, the second embodiment of the present invention will be described.This embodiment has the same network configuration and apparatusconfiguration as those of the first embodiment, except for theconfiguration of home base station 60, so that detailed description ofthe other configurations than that of home base station 60 is omitted.

[2.1 Apparatus Configuration]

First, each apparatus configuration will be briefly described withreference to the drawings.

[2.2 Home Base Station]

The configuration of a home base station 62 in the present embodimentwill be described. FIG. 27 is a diagram showing one example of theconfiguration of home base station 62, which is different from theconfiguration of home base station 60 in the first embodiment in thataccess right information 656 is recorded in a storage 658 (650).

FIG. 28 is a diagram showing one example of access right information656, which shows a UE identifier (e.g., “UE1”) and available service(e.g., “class 1; internet connection disallowed”, “class 2: home networkconnection allowed”, and the like) for every UE that comes to connect tohome base station 62.

It is assumed that the owner of home base station 62 can modify thisaccess right information 656, e.g., add new information of another UE,modify the available service for a particular UE.

Here, it is assumed that when information is added or modified, theinformation is synchronized with that written in subscription DB 352 ofHSS 30 shown in FIG. 6. As an information synchronizing means, when, forexample, any change in access right information takes place, home basestation 62 may give notice to HSS 30, or subscription DB 352 of HSS 30may be changed first, then HSS 30 may give notice to home base station62.

The other configurations are the same as home base station 60 of thefirst embodiment described with FIG. 11, so that detailed description isomitted.

[2.3 Description of Processing]

First, similarly to the first embodiment, home base station 62 performsa procedure of registration to mobile communication system 1. Further,UE 70 performs an attach process by way of home base station 62. Theregistering procedure and the present attach process are the same asthose in the first embodiment, so that description is omitted.

UE 70 further successively performs an attach process for local IPaccess by way of home base station 62. Herein, the difference from thefirst embodiment is the PMIP tunnel establishment process for local IPaccess. Next, the PMIP tunnel establishment process for local IP accessof the present embodiment will be described.

[2.3.1 PMIP Tunnel Establishment Process for Local IP Access (ProcessExample 2)]

FIG. 29 shows a PMIP tunnel establishment process for local IP access.

First, MME 40 transmits a bearer setup request to L-SGW unit 620 (S500).The bearer setup request includes a UE identifier (UE1) and an APN(BOB'S_HOME). However, differing from the first embodiment, the APN isnot added with information that represents the service class.

L-SGW unit 620 receives the bearer setup request, and transmits abinding update request to L-PGW unit 610 (S502) in order to establish aPMIP tunnel between L-SGW unit 620 and L-PGW unit 610. The bindingupdate request includes a UE identifier (UE1) and an APN (BOB'S_HOME).

L-PGW unit 610 receives the binding update request, and allots an HNP tothe UE first similarly to the first embodiment, to generate bindinginformation shown in FIG. 12 (S504).

Also as for PCO, a similar process is performed (S506). However, whendeciding the access right information to be stored in PCO, access rightinformation 656 owned by home base station 62 itself is referred to,instead of making a decision based on the added information to APN.

That is, in accordance with address right information 656, “class 1” isstored into the UE when internet connection alone is allowed to use,“class 2” is stored when home network connection alone is allowed touse, and “class 3” is stored when both internet connection and homenetwork are allowed to use.

Further, L-PGW unit 610 performs routing setup (S508) by establishing aPMIP tunnel 2 between L-PGW unit 610 and L-SGW unit 620 so that whenreceiving communication data addressed to HNP assigned to UE 70, theL-PGW unit forwards the communication data to L-SGW unit 620 via PMIPtunnel 2. In addition, L-PGW unit 610 performs packet filter setting upto determine whether each communication data should be forwarded or not,based on the packet filtering information (Step S510).

Also as for the packet filtering process, the same process as in thefirst embodiment is performed. However, a difference is in that theprocess is performed based on the access right information 656 stored athome base station 62, instead of performing based on the access rightinformation added to APN.

L-PGW unit 610 transmits a binding update response to L-SGW unit 620(S512). The message includes the assigned HNP and PCO stored with theclass of access right information.

Thereafter, L-SGW unit 620 having received the binding update responsetransmits a bearer setup response to MME 40 (S514). The bearer setupresponse includes the PCO set with the aforementioned service class andHNP.

By the procedures described above, the PMIP tunnel establishmentprocedure for local IP access is completed, so that establishment ofPMIP tunnel 2 is completed and only the communication data permittedbased on the access right information is forwarded.

The procedure afterwards is the same as that in the first embodiment, sothat description is omitted.

In this way, according to the second embodiment, since the home basestation also holds access right information on each UE similarly to HSS,it becomes no longer necessary to add access right information to APN asan extra step, it is hence possible to minimize addition of functions tothe MME.

In the first embodiment and the second embodiment, the procedure ofregistering home base station 60 and home base station 62 to mobilecommunication system 1 was described by taking an example of a casewhere the home base station transmits a local IP access registeringrequest to MME 40 as shown in FIG. 18 so as to request MME 40 to performregistration as a home base station that offers local IP accessfunctionality.

However, not limited to this, it is possible to extend the S1 setuprequest so as to send the extended S1 setup request including not onlyCSGID but also a new APN for local IP access (“BOB'S_HOME”), the IPaddress of L-PGW unit 610 and the IP address of L-SGW unit 620 (S600),as shown in FIG. 30, to thereby update APN-IP address translation DB454(S606). In this case, after updating APN-IP address translation DB454, aS1 setup response is transmitted (S602).

As the embodiments of this invention have been detailed heretofore withreference to the drawings, the specific configuration should not belimited to the embodied modes. Designs and others that do not departfrom the gist of this invention should also be included in the scope ofclaims.

DESCRIPTION OF REFERENCE NUMERALS

1 mobile communication system

10 PGW

100 controller

110 transmitting/receiving unit

120 packet transmitting/receiving unit

150 storage

152 binding information

160 PMIP processor

20 SGW

200 controller

210 transmitting/receiving unit

220 packet transmitting/receiving unit

250 storage

260 PMIP processor

270 bearer establishment processor

30 HSS

300 controller

310 transmitting/receiving unit

350 storage

352 subscription DB

40 MME

400 controller

410 transmitting/receiving unit

450 storage

452 subscription DB

454 APN-IP address translation DB

50 GW

500 controller

510 transmitting/receiving unit

520 packet transmitting/receiving unit

550 storage

60, 62 home base station

600 controller

610 L-PGW unit

612 banding information

620 L-SGW unit

630 LTE base station unit

635 external antenna

650, 658 storage

652 packet filtering information

654 IP address pool

656 access right information

660 home network interface unit

670 interface unit used for broadband access network

70 UE

700 controller

710 LTE interface unit

715 external antenna

720 packet transmitting/receiving unit

750 storage

752 APN list

770 bearer establishment processor

80 information terminal

800 controller

810 home network interface unit

850 storage

The invention claimed is:
 1. User Equipment (UE) in a communicationsystem, wherein the communication system is configured to contain: theUE; a base station; a core network; a network with which the UE iscommunicatable via the base station without passing through the corenetwork; and a foreign Packet Data Network (PDN), and the communicationsystem is configured to provide: a first connection service for directlyconnecting from the base station to the network; and a second connectionservice for connecting to the foreign PDN without passing through thecore network, wherein the UE is configured to store a first Access PointName (APN) in correspondence with allowance information indicating thatthe first connection service is allowed and the second connectionservice is disallowed, the UE is configured to transmit a PDNConnectivity Request message containing the first APN to the corenetwork, in order to request an establishment of a PDN connection, theUE is configured to receive a response with respect to the PDNConnectivity Request message containing the first APN and establish afirst PDN connection with an access control apparatus contained in thebase station, and the UE is configured to transmit data to and receivedata from the network, through the first PDN connection.
 2. The UEaccording to claim 1, wherein the UE is configured to store a second APNin correspondence with allowance information indicating that the firstconnection service is disallowed and the second connection service isallowed, the UE is configured to transmit a PDN Connectivity Requestmessage containing the second APN to the core network, in order torequest an establishment of a PDN connection, the UE is configured toreceive a response with respect to the PDN Connectivity Request messagecontaining the second APN and establish a second PDN connection with theaccess control apparatus contained in the base station, and the UE isconfigured to transmit communication data to and receive communicationdata from the foreign PDN, by selecting the second PDN connection. 3.The UE according to claim 1, wherein the foreign PDN is an Internet. 4.A position management apparatus with in a core network in acommunication system, wherein the communication system is configured tocontain: a User Equipment (UE); a base station; the core network; anetwork with which the UE is communicatable via the base station withoutpassing through the core network; and a foreign Packet Data Network(PDN), and the communication system is configured to provide: a firstconnection service for directly connecting from the base station to thenetwork; and a second connection service for connecting to the foreignPDN without passing through the core network, wherein the positionmanagement apparatus is configured to store a first Access Point Name(APN) in correspondence with allowance information indicating that thefirst connection service is allowed and the second connection service isdisallowed, the position management apparatus is configured to receive aPDN Connectivity Request message containing an APN transmitted from theUE, the position management apparatus is configured to allow toestablish a first PDN connection for the first connection servicebetween the UE and an access control apparatus contained in the basestation in a case that the APN transmitted from the UE and the first APNis identical, the position management apparatus is configured totransmit a bearer establishment request message containing the first APNto the UE, the bearer establishment request message being a response tothe PDN Connectivity Request message containing the first APN.
 5. Theposition management apparatus according to claim 4, wherein the positionmanagement apparatus is configured to store a second APN incorrespondence with allowance information indicating that the firstconnection service is disallowed and the second connection service isallowed, the position management apparatus is configured to receive aPDN Connectivity Request message containing the APN transmitted from theUE, the position management apparatus is configured to allow toestablish a second PDN connection for the second connection servicebetween the UE and the access control apparatus contained in the basestation, and the position management apparatus is configured to transmita bearer establishment request message containing the second APN to theUE, the bearer establishment request message being a response to the PDNConnectivity Request message containing the second APN.
 6. The positionmanagement apparatus according to claim 4, wherein the foreign PDN is anInternet.
 7. A base station in a communication system, wherein thecommunication system is configured to contain: a User Equipment (UE);the base station; a core network; a network with which the UE iscommunicatable via the base station without passing through the corenetwork; and a foreign Packet Data Network (PDN), and the communicationsystem is configured to provide: a first connection service for directlyconnecting from the base station to the network; and a second connectionservice for connecting to the foreign PDN without passing through thecore network, wherein the base station is configured to receive a bearerestablishment request message containing a first Access Point Name (APN)in correspondence with allowance information indicating that the firstconnection service is allowed and the second connection service isdisallowed from a position management apparatus within the core network,the bearer establishment request message being a response to a PDNConnectivity Request message transmitted from the UE, the base stationis configured to establish a first PDN connection for the firstconnection service with the UE.
 8. A base station in a communicationsystem, wherein the communication system is configured to contain: aUser Equipment (UE); the base station; a core network; a network withwhich the UE is communicatable via the base station without passingthrough the core network; and a foreign Packet Data Network (PDN), andthe communication system is configured to provide: a first connectionservice for directly connecting from the base station to the network;and a second connection service for connecting to the foreign PDNwithout passing through the core network, wherein the base station isconfigured to receive a bearer establishment request message containinga second Access Point Name (APN) in correspondence with allowanceinformation indicating that the first connection service is disallowedand the second connection service is allowed from a position managementapparatus within the core network, the bearer establishment requestmessage being a response to a PDN Connectivity Request messagetransmitted from the UE, the base station is configured to establish asecond PDN connection for the second connection service with the UE. 9.The base station according to claim 7, wherein the foreign PDN is anInternet.
 10. The base station according to claim 8, wherein the foreignPDN is an Internet.